Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, the company provides an automated cloud-based service for securing web, mobile and third-party enterprise applications. Veracode provides multiple security analysis technologies on a single platform, including static analysis, dynamic analysis, mobile application behavioral analysis and software composition analysis.

Wikipedia
Veracode
Veracode
Blog Post
  • The shift to DevOps and DevSecOps has already happened, it's only a question of when we all catch up. Organizations in all industries are creating software not only faster, but also more precise, collaborative, and incremental ways than ever before. In fact, we’ve seen the shift in our own customer base, where the percentage of applications scanned for security on a weekly basis jumped 50 percent...

Veracode
Veracode
Blog Post
  • Speed rules in software development today. The DevOps model means getting newer, better, faster into the hands of customers as quickly as possible is the name of the game. But where does that leave security? If it’s not done right -- overlooked or worked around. Done right -- it’s embedded into the software development process from day one, unobtrusively checking for and removing vulnerabilities ...

Veracode
Veracode
Blog Post
  • In my three-plus years working with enterprise clients to help grow and mature their application security programs, I have seen the gamut of well-run programs and not-so-well run programs.  For the not-so-well-run programs, it is often the same reasons why the program is not successful and not reaching higher maturity levels.  The following are the top 5 mistakes I see most often: 1. No thoughtfu...

Veracode
Veracode
Blog Post
  • The days of security and development working in separate and isolated silos are over. Security is now a task shared by the development and security teams throughout the software lifecycle – from inception to production. Security testing has become primarily the responsibility of developers, with security taking on more of an enabling role – crafting and communicating policies, assisting with reme...

Veracode
Veracode
Blog Post
  • The hardest part of growing up is that everything you’re allowed to do is communicated in a general sense and everything that you’re not allowed to do is enumerated specifically and in detail AFTER you’ve gotten in trouble for doing it. So you’re told things like, “Go play in the yard.” Yet you get chewed out for very specifically flooding the yard to play mud football. Apparently the lawn, the w...

Veracode
Veracode
Blog Post
  • “The more things change the more they stay the same” could be the application security motto for 2017. Last year featured breaches stemming from the same vulnerabilities that have been wreaking havoc for years. In fact, we saw SQL injection in about 30 percent of the apps we scanned in 2017 – a number that hasn’t budged much since 2011. 2017 also shone a harsh spotlight on the risk of open source...

Veracode
Veracode
Blog Post
  • The shift to DevOps and DevSecOps is happening. Organizations in all industries are creating software not just faster, but also in a more precise, collaborative and incremental way. In fact, we’ve seen the shift in our own customer base, where the percentage of applications scanned for security on a weekly basis jumped 50 percent last year. And this shift casts a wide net, affecting everything fr...

Veracode
Veracode
Blog Post
  • “Value stream mapping” – that’s a Lean methodology for logistics and supply-chain processes, right? What does that have to do with software security? Good question! In the ’80s, value stream mapping applied to logistics and supply chain processes in the Japanese manufacturing industry. The success of the methodology for manufacturing led to wider adoption, including adoption in Lean software deve...

Veracode
Veracode
Blog Post
  • CA Technologies has released a new report, based on research conducted by industry analyst firm Freeform Dynamics, that sheds light on some of the obstacles for organizations seeking the advantages of a development approach that prioritizes application security, without sacrificing time-to-market and innovation. The report also offers evidence that integrating security throughout the development ...

Veracode
Veracode
Blog Post
  • 2017 was quite a year for application security. From big breaches to breakthroughs, 2017 featured a lot of scary headlines reflecting the sorry state of application security, but also news about companies moving the needle on AppSec, and regulators waking up to the reality about how data is exposed. Not surprisingly, our most popular 2017 blog posts mirror the trends and headlines – and reveal bo...

Veracode
Veracode
Blog Post
  • When it comes to open source and security, one of the most popular words that pops into the head of security aficionados and professionals is “dread.” Certainly that perception is driven by open source’s reputation – it is seen as fast, easy, low cost and, well, risky. With unknown hands touching the code – and a surprisingly low number of developers maintaining common components – it’s challengi...

Veracode
Veracode
Blog Post
  • The industry-wide shift to DevOps practices has changed more than just developer processes. It has also had a major impact on security, including application security testing techniques. Static analysis, for instance, has had to evolve along with development processes. Unlike early versions of static analysis solutions that only assessed completed code at the end of the development cycle, today’s...

Veracode
Veracode
Blog Post
  • This is the third entry in a series of blogs on how CA Veracode products fit into each stage of the software lifecycle – from coding to testing to production. We want to emphasize lifecycle here, because we continue to hear the misconception that application security falls squarely and solely into the testing stage. In our 10+ years helping organizations secure their applications, we’ve learned t...

Veracode
Veracode
Blog Post
  • The past year featured daily news about cyberattacks, data breaches, and software vulnerabilities. If it feels like our cybersecurity challenges grow bigger and more complex, year after year, it's more than just a perception. Research from security companies, including CA Veracode, shows that there are more attacks than ever, and organizations have not caught up with the preventive measures neede...

Veracode
Veracode
Blog Post
  • For the first time in four years, we have a new OWASP Top 10 list of the most critical application security risks. Cross-site request forgery (CSRF) and unvalidated redirects and forwards have been bumped off the list. XML external entities, insecure deserialization and insufficient logging and monitoring have been added. What’s the significance of both the additions, and the subtractions? CA Ver...

Veracode
Veracode
Blog Post
  • What is the fundamental purpose of data breach disclosures? To help the company breached? To help other companies in a similar position? To help the customers of the breached company? To help law enforcement? At its most extreme, should it ever be about shaming a company that had poor security? Depending on the circumstances, it can be about all of the above. Focus on the customer. That’s a commo...

Veracode
Veracode
Blog Post
  • Metrics are critical for measuring and expanding an application security program. And there are a lot of important numbers you need to track to gauge your program’s progress, but sometimes you need one number that sums up your progress. Executives don’t always want to see a slew of complicated charts and graphs – they want one simple number that answers, in a nutshell, is this working, are we get...

Veracode
Veracode
Blog Post
  • I’m always a fan of ending the year on a high note, so you can imagine how excited I am to share the news that CA Veracode has been named a leader in The Forrester Wave™: Static Application Security Testing, Q4 2017 report by Forrester Research. Forrester ranks its vendors through the detailed evaluation of the 10 most significant vendors in static application security testing (SAST). The report ...

Veracode
Veracode
Blog Post
  • As DevOps moves to DevSecOps, there is a significant “people” component involved in the shift. Development and security teams both need to overcome their “language barriers” and understand each other’s processes and priorities. The effort is worth it because we know that (1) the consequences of neglecting software security are getting more damaging and (2) embedding security early and often into ...

Veracode
Veracode
Blog Post
  • We recently published the State of Software Security Developer Guide, based on real application security testing data. Among the key takeways, the data in the report offers strong evidence that eLearning, security training, and DevSecOps practices have a positive effect on developers' effectiveness at fixing flaws in their code. In this episode of the AppSec in Review podcast, Evan Schuman and CA...

Out-Market Your Competitors?

Get complete competitive insights on over 2.2 million companies to drive your marketing strategy.

Create Free Account Log in

By signing up, you agree to the Terms of Service and Privacy Policy.

Out-Market Your Competitors

Get complete competitive insights on over 2.2 million companies to drive your marketing strategy.

Create Free Account

Already a user?  Log in

By signing up, you agree to the Terms of Service and Privacy Policy.